@sungwy commented Feb 6, 2026

This is a Draft PR I prepared to aid reviewing the new Authorization SPI Refactoring RFC

Checklist

  • 🛡️ Don't disclose security issues! (contact security@apache.org)
  • 🔗 Clearly explained why the changes are needed, or linked related issues: Fixes #
  • 🧪 Added/updated tests with good coverage, or manually tested (and explained how)
  • 💡 Added comments for complex logic
  • 🧾 Updated CHANGELOG.md (if needed)
  • 📚 Updated documentation in site/content/in-dev/unreleased (if needed)

op,
rootContainerWrapper,
null /* secondary */);
AuthorizationCallContext authzContext = new AuthorizationCallContext(resolutionManifest);
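
Review bot: the bare `null /* secondary */` argument on the third line of this fragment depends on an inline comment to say which parameter is being left empty. If a missing secondary is a supported case for the callee, an overload without that parameter (or a documented nullability annotation on it) would make the call site self-explanatory and keep a null from being passed positionally by mistake.
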
Contributor

Would it be possible to inject it from CDI? Ideally resolutionManifest should also be a request-scoped (auto-created) bean, but for a start we could add it to AuthorizationCallContext manually since AuthorizationCallContext is expected to be mutable anyway 🤔 WDYT?

Contributor Author

Hi @dimas-b - great suggestion.

Yes, I think that aligns well with the proposed strategy to define the Resolution semantics at request-scope instead, and build consistency guarantees on it. I think creating a request-scoped bean for AuthorizationCallContext would be safe, and we can evaluate if we can do the same for the resolution semantics after a dedicated design proposal on the Resolution/Persistence model
